macOS spawngating - frida-helper crash/not functional with Node bindings #91

Open
spotlightishere opened this issue Jan 8, 2024 · 0 comments

Comments

@spotlightishere

spotlightishere commented Jan 8, 2024

Apologies if this is the wrong repository to file this under - please let me know!

When attaching to a local macOS device using these Node bindings, attempting to enable spawn gating causes frida-helper to crash. After recompiling Frida 16.1.10 and the bindings with symbols, the following stack trace is visible:

Thread 0 Crashed:
0   frida-helper    0x10710e73b safe_fdwalk_with_invalid_fds + 92 (gspawn.c:1614)
1   frida-helper    0x10710e174 safe_closefrom + 30 (gspawn.c:1725) [inlined]
2   frida-helper    0x10710e174 do_exec + 626 (gspawn.c:1958)
3   frida-helper    0x10710dc6b fork_exec + 3563
4   frida-helper    0x10710de60 g_spawn_async_with_pipes_and_fds + 315 (gspawn.c:933)
5   frida-helper    0x10709076b initable_init + 556 (gsubprocess.c:400)
6   frida-helper    0x10707a087 g_initable_new_valist + 38 (ginitable.c:250)
7   frida-helper    0x10707a043 g_initable_new + 131 (ginitable.c:164)
8   frida-helper    0x10708fddd g_subprocess_newv + 67 (gsubprocess.c:585)
9   frida-helper    0x107052f7d frida_dtrace_agent_enable_spawn_gating + 493 (frida-helper-backend.vala:695)
10  frida-helper    0x107056922 frida_darwin_helper_backend_real_enable_spawn_gating_co + 66 (frida-helper-backend.vala:97)
[...]

This crash is reproducible with the included spawn gating example, and I was able to reproduce it under several macOS versions (primarily Monterey and Sonoma). It appears the issue regarding safe_fdwalk_with_invalid_fds was raised and resolved in upstream GLib issue 3024.

However, after applying the upstream commit to Frida's GLib fork and rebuilding the SDK and Frida itself, spawn gating is still not functional with the Node bindings. The spawn-added signal appears to never fire.

Frustratingly, when using frida-trace -W 'example' or the Python bindings directly, the GLib issue is not encountered at all, and spawn gating works. I'm uncertain how to continue debugging and would very much appreciate pointers!
